人懶就會有程式的產出 Orz
我只是不想一直打 openssl 的指令
所以就寫了 build_csr.sh 出來了
#!/usr/bin/env bash if [ $# -lt 1 ]; then echo 1>&2 "$0: Please use \"$0 aaa.domain.com\" or \"$0 *.domain.com\" to generate key and csr files." exit 2 fi DOMAIN=${1//\*/star} openssl req -new -newkey rsa:2048 -nodes -out "$DOMAIN".csr -keyout "$DOMAIN".key -subj "/C=US/ST=California/L=Sunnyvale/O=Yahoo Inc./OU=Information Technology/CN=$1"
其中 subj 部分是公司資訊
偷 Yahoo 的樣式給大家看
請參考這篇 Certificate signing request 維基百科
結果範例
$ ./build_csr.sh aaa.domain.com Generating a 2048 bit RSA private key ...........................................+++ .....+++ writing new private key to 'aaa.domain.com.key' ----- $ ./build_csr_y.sh *.domain.com Generating a 2048 bit RSA private key ..................+++ ................................+++ writing new private key to 'star.domain.com.key' ----- ls aaa.domain.com.csr aaa.domain.com.key build_csr.sh star.domain.com.csr star.domain.com.key $
可以用 openssl req 指令來檢查 CSR 資訊
$ openssl req -in star.domain.com.csr -noout -text Certificate Request: Data: Version: 0 (0x0) Subject: C=US, ST=California, L=Sunnyvale, O=Yahoo Inc., OU=Information Technology, CN=*.domain.com Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:d0:46:97:78:c9:5f:b3:9a:2e:83:39:ed:f7:22: 44:ac:cc:e8:44:8b:9a:61:53:b8:39:46:8a:18:58: 79:51:65:c3:3a:68:a0:3e:93:71:d5:71:c8:a9:2f: ba:74:f5:10:29:83:26:fa:50:cd:51:e9:0b:35:4d: 54:e0:25:70:96:b9:69:15:dc:12:df:51:be:65:34: cc:de:00:44:7f:06:cc:78:a3:2e:6a:54:8a:49:8c: 12:4c:70:9d:8f:42:af:ab:87:c6:2e:4f:de:13:e4: e5:0e:b7:4b:ec:ac:11:11:40:44:31:98:98:61:71: 83:52:0f:9e:36:e8:5c:1f:b5:ef:a4:35:fe:c7:7c: 2d:04:8b:fe:0d:77:b8:4a:e1:5d:04:70:b1:23:07: 26:4e:33:70:c3:ee:08:a7:b8:76:f6:a4:2f:17:a3: b5:09:59:a4:33:2b:8c:87:e8:bb:48:f7:7c:5c:46: 3e:36:cb:95:c4:6b:ef:b0:e1:aa:97:b0:3d:b9:17: 3f:24:aa:e7:b1:a3:b8:35:26:1e:5d:4c:54:af:72: 62:ef:01:68:b3:81:f1:d0:f8:0b:a3:26:1e:04:ff: de:9a:5b:61:33:68:45:00:14:33:20:4d:4e:e9:8c: 1e:02:a2:95:ab:b0:25:bb:de:10:c6:a5:37:f9:f2: 64:83 Exponent: 65537 (0x10001) Attributes: a0:00 Signature Algorithm: sha1WithRSAEncryption 42:81:9b:1f:64:8a:07:61:89:2b:0d:9b:30:31:db:e7:62:b6: 15:af:f1:b8:97:0d:cb:ad:db:76:d4:2d:43:ad:17:3e:dc:31: 2f:40:08:a3:b3:d4:0d:9e:91:c8:33:d0:24:28:d6:ea:cb:af: 54:b0:03:6c:d4:1c:e7:d2:7c:9d:93:02:77:79:64:1b:d3:b9: 46:2d:ab:aa:c1:f7:b6:f7:e8:3f:e0:c7:61:ff:62:65:3f:38: 8d:54:ea:8a:a4:17:56:e7:ea:20:7d:68:4b:9c:ce:37:b7:b5: 06:1e:62:90:b7:7f:13:27:33:27:1d:b9:80:29:fb:c6:af:f9: cc:80:8c:3c:70:71:c5:07:29:55:51:d8:78:3b:0a:f0:35:5f: 95:0f:75:d3:e6:5b:a9:5e:a0:81:51:5b:f1:38:a1:64:41:f9: a5:49:4d:b0:cc:9f:0a:4f:c4:4d:94:61:d7:e8:e4:e3:b7:04: af:07:02:29:52:d2:ce:bc:59:e2:7e:e1:da:60:e7:4a:ad:e7: 57:05:90:6a:fb:b4:5d:cf:fa:b4:a8:7b:40:06:af:fe:c2:f1: 00:f6:3e:d5:f6:3c:a0:68:00:24:de:80:84:c3:24:46:e4:4e: a3:a1:bf:d0:7e:4b:04:c0:51:77:8c:48:c9:d1:a1:89:41:98: d6:2a:58:d3 $
以上只是範例
請勿任意委造他人網域發佈憑證 :p